Reporting Suspicious Emails

Introduction

Reporting phishing and other suspicious email messages is crucial for maintaining Emory’s digital security and protecting yourself and others from potential cyber threats. In this article, we will guide you through the process of reporting phishing or other suspicious emails using the Phishing Reporter Button in Microsoft Outlook or Outlook on the Web. We will also cover reporting emails using mail clients that do not support the Phishing Reporter Button, such as Apple Mail.

Method One: Using the Phishing Reporter Button (Preferred)

Microsoft Outlook or Outlook on the Web

If you use Microsoft Outlook, or the browser based version of Outlook, the easiest way to report a suspicious email is by using the Phishing Reporter Button. 

  1. Open Microsoft Outlook or Outlook on the Web (available at https://email.emory.edu)
  2. Locate the suspicious email in your inbox or folder.
  3. Select the email by clicking on it once to highlight it.
  4. In the Outlook toolbar or ribbon, locate the Phishing Reporter Button. If you are using Outlook on the Web and do not see the button, you can find instructions for adding it to your toolbar in KB07332.

Reporter Button

 Phishing Button in Outlook

  Reporter Button (OWA)

Phishing Button in Outlook on the Web
  1. Click on the button to initiate the reporting process.
  2. A confirmation message should appear, indicating that the email has been reported successfully. If you report one of Emory’s simulated phishing training messages, you will get immediate feedback letting you know that you correctly identified the message as phishing.
  3. Emory’s Security team will investigate your report to determine if it’s malicious. You will also receive a response letting you know the disposition of the message you reported, similar to the image below.

Response example

Outlook Mobile App for Apple iOS and Android

 If you are using the Outlook Mobile mail client on your Apple or Android phone, you can report message using the phishing reporter button as well.

  1. Tap to open the message that you wish to report.
  2. Tap the menu that looks like three dots “…” in message next to the sender’s address. See the image below for an example.
  3. Tap “Report Phishing”

 How to submit suspicious emails via Outlook Mobile

 Method Two: Forwarding Suspicious Emails as Attachments (Less Preferred)

If you use a non-Outlook mail client, such as Apple Mail or Thunderbird, you can still report messages by forwarding them to abuse@emory.edu  as an attachment. Attaching the email rather than simply forwarding it includes important “header” information that isn’t available when you just forward the message. In most mail clients this is as easy as composing a new message, then clicking and dragging the message that you want to attach into the new email message. You can also send messages as attachments in the Apple iOS mail client by:

  1. Open the Mail app on your iPhone and tap the button to compose a new email.
  2. Use your finger to slide down the top of the New Message screen to minimize it.
  3. With one finger, press the email you wish to add and drag it. Don’t lift your finger until step 5.
  4. With another finger, tap the minimized New Message window to open it.
  5. Finally, drop the dragged email onto the New Message screen and send it to abuse@emory.edu.

 Conclusion

Reporting phishing and other suspicious messages allows us to proactively act against email based threats and prevent others from falling for the same lure. By utilizing the Phishing Reporter Button in Microsoft Outlook or Outlook on the Web, you can contribute to a safer Emory. Remember to stay vigilant and report any suspicious emails promptly.